fix: avoid Docker Hub rate limits using GHCR registry image#558
Merged
Conversation
…miting Unauthenticated Docker Hub pulls are limited to 100/6hrs, causing frequent CI failures when k3d pulls docker.io/library/registry:2 and when Dockerfiles pull golang base images. Add docker/login-action to all CI jobs (test, build, check, e2e, push-artifacts) using DOCKERHUB_USERNAME and DOCKERHUB_TOKEN secrets. This raises the pull rate to 200/6hrs. Closes ai-dynamo#538 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update DOCKERHUB_USERNAME → DOCKERHUB_LOGIN_USER and DOCKERHUB_TOKEN → DOCKERHUB_ACCESS_TOKEN to match the secret names already configured in the GitHub organization. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…GHCR The e2e self-hosted runner was hitting Docker Hub unauthenticated pull rate limits when k3d pulled docker.io/library/registry:2 to create its local registry container. Instead of adding Docker Hub credentials, pre-pull the equivalent image from GHCR (ghcr.io/distribution/distribution:3.1.0, published by the same upstream project) and tag it as registry:2 before k3d runs. GHCR has no pull rate limits for public images. Also remove unnecessary Docker Hub login steps from test/build/check jobs (no Docker pulls happen there) and from push-artifacts (GitHub- hosted runners cache common base images). Closes ai-dynamo#538 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
shayasoolin
approved these changes
Apr 28, 2026
enoodle
approved these changes
Apr 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
E2E CI was failing intermittently with:
When k3d creates its local registry container it pulls
registry:2from Docker Hub. The self-hosted runner hits the 100 pulls/6hr unauthenticated limit.Solution
Pre-pull the equivalent image from GHCR before k3d runs and tag it as
registry:2:ghcr.io/distribution/distributionis published by the same upstream project (distribution/distribution) and has no pull rate limits. When k3d runs, Docker findsregistry:2already cached locally and skips the Docker Hub pull entirely.No secrets or credentials required.
Changes
ghcr.io/distribution/distribution:3.1.0and tag asregistry:2before k3d runsCloses #538
🤖 Generated with Claude Code